Monday, September 6, 2010

Live View – no Virtual Server 2.x support

Wanted to use Live View to check out a couple of dd images from a set of workstations.  Primary goal was to extract VHD files from the workstations dd images for a separate analysis task but also needed to check some “live” system behavior.

I’m using Windows Vista x64 at the moment and it requires digitally signed drivers.  Unfortunately, this means Virtual Server 1.x series will not function correctly on my workstation because the 1.x series does not include signed drivers for all necessary virtualized devices.  No network and/or no USB device. 

Being to lazy to build a 32-bit box I decided to see if I could get Live View to work with Virtual Server 2.x series.  Actually, it wasn’t really laziness (piles of spare parts just don’t want to build a box right now) so much as I don’t have a USB KVM and my desk is already loaded up with monitors.  A little bit of research on the Live View forums indicated that the 2.x series is not supported at this time.  Unfortunately, Virtual Server and Workstation can not co-exist on the same workstation and I need Virtual Server for another piece of the analysis workflow. Bummer for me, no Virtual Server 2.x goodness for this project unless I want to start code spelunking Live View or go the VMWare Workstation route on a separate workstation.

  “Summon Laptop”.   So I downloaded and installed the following: VMWare Workstation 7.x;  Virtual Disk Development Kit (VDDK); Live View Public installer.  And now I have Live View installed on a separate workstation.  Next step in the plan was to use this install of Live View to copy dd  images on external drive to vmdk files on an external drive.  Then plug that drive into the workstation with Virtual Server for actual artifact extraction and analysis.  We’ll see how that works out in a  bit.

No comments: